Overview

overview

7

Static

static

1

Terraria_1.4.4.9.zip

windows7-x64

7

Terraria_1.4.4.9.zip

windows10-2004-x64

1

Terraria_1...p3.zip

windows7-x64

1

Terraria_1...p3.zip

windows10-2004-x64

1

AlbumArtSmall.jpg

windows7-x64

3

AlbumArtSmall.jpg

windows10-2004-x64

3

Folder.jpg

windows7-x64

3

Folder.jpg

windows10-2004-x64

3

Re-Logic -...ay.mp3

windows7-x64

1

Re-Logic -...ay.mp3

windows10-2004-x64

6

Re-Logic -...ie.mp3

windows7-x64

1

Re-Logic -...ie.mp3

windows10-2004-x64

6

Re-Logic -...ht.mp3

windows7-x64

1

Re-Logic -...ht.mp3

windows10-2004-x64

6

Re-Logic -...en.mp3

windows7-x64

1

Re-Logic -...en.mp3

windows10-2004-x64

6

Re-Logic -...nd.mp3

windows7-x64

1

Re-Logic -...nd.mp3

windows10-2004-x64

6

Re-Logic -... 1.mp3

windows7-x64

1

Re-Logic -... 1.mp3

windows10-2004-x64

6

Re-Logic -...le.mp3

windows7-x64

1

Re-Logic -...le.mp3

windows10-2004-x64

6

Re-Logic -...on.mp3

windows7-x64

1

Re-Logic -...on.mp3

windows10-2004-x64

6

Re-Logic -...on.mp3

windows7-x64

1

Re-Logic -...on.mp3

windows10-2004-x64

6

Re-Logic -...ow.mp3

windows7-x64

1

Re-Logic -...ow.mp3

windows10-2004-x64

6

Re-Logic -... 2.mp3

windows7-x64

1

Re-Logic -... 2.mp3

windows10-2004-x64

6

Re-Logic -...ow.mp3

windows7-x64

1

Re-Logic -...ow.mp3

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2024, 17:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Re-Logic - Terraria Soundtrack - 08 Corruption.mp3

  • Size

    6.4MB

  • MD5

    1a6ceb9e0469dbdd2bbf0a675267c33a

  • SHA1

    fe9fbd477207a17dce7066e14448419acc8d55b3

  • SHA256

    6b828db640ed0ad2679d4cb0bb718b89e738db7e1404f99d09e641f25cd55063

  • SHA512

    1f44c85b89e4c2f52a9be41aaf3db8e90f8038eaaef1a2d51c20d6ab3bb858ce59aca468ba29f745e3829c779a682c7bcc386866d6a375dc2fe98830a6e3329e

  • SSDEEP

    196608:PLBqD0+RirJWIhas8gbG60QLMHZqx8pKQJNeL:PL0D0+orJhhnbntMHMxmzyL

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Re-Logic - Terraria Soundtrack - 08 Corruption.mp3"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3688
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3380
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2988
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:4224
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x398 0x37c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    384KB

    MD5

    063793e4ba784832026ec8bc3528f7f1

    SHA1

    687d03823d7ab8954826f753a645426cff3c5db4

    SHA256

    cb153cb703aea1ba1afe2614cffb086fa781646a285c5ac37354ee933a29cedd

    SHA512

    225910c24052dfdf7fca574b12ecef4eb68e990167010f80d7136f03ac6e7faa33233685cbf37b38ee626bb22ff3afeee39e597080e429be3ec241fb30af40c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    627ca585cc2d317a91e2b266c45833a9

    SHA1

    6bab91749945c1108f3df277db44296a3aaa5004

    SHA256

    6eac0cf9652abef7549ae5a71548b5d8740e66f890d8629e16194b34e1ba1832

    SHA512

    dd6134dc7252a53ed0df8122e5e714c1a34e53e4585188c1b61d3a709bdd077a0f6b2072d76919fd9a6e5b747694beebe8df06e18458e40035d1b3f881620f0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    e347afd08fbd603f188bc858d6a57b42

    SHA1

    30fde518b5f395c16834ddd7b18cfa7ef0f464d6

    SHA256

    49de40ac228c2a7241c8708bf5433aad30d67b9632a15a5baf9df11f11bea527

    SHA512

    f94a9717e1f6bb992fe0e6fdf7a34ad8d11d0bf453ffea3076f6f1b6c962ffcec7f762f8ba08e85eac3b26caf49545ba264e056158003ae1f474a1e1740458c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    dc17714abc8f59c191f8c3ae711fd4d6

    SHA1

    e2926a4ec7d9668f87e1979e18b29f0d00b43f61

    SHA256

    2f8883e4687cfa59aef235895af01a2d3308d5a6122ed5aa23b5aede7d588a8c

    SHA512

    b3a501d9ccdb5292f390c54cea79f015f8f63ed42092e1f2e7ebcfc0a42e7891f17e60b199c01ffc4e2aa2331ea6fb54ce3d162d5791011fe9c7da9ffd6bbee1

    Download Submit

  • memory/3688-34-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-33-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-32-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-31-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-36-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-35-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-44-0x0000000008130000-0x0000000008140000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-46-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-47-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-48-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-49-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-52-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-51-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-53-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-54-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-57-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-56-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-55-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-59-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-61-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-63-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-64-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-65-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-62-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-66-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-67-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-68-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-69-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-70-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-73-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-74-0x0000000008130000-0x0000000008140000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-71-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-75-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-76-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-77-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-78-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-79-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-80-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-82-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-81-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-85-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-84-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-83-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-86-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-88-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-90-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-92-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-91-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-89-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-93-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-94-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-95-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-96-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-97-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-99-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-100-0x0000000008130000-0x0000000008140000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-98-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-101-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-103-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-104-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-105-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-107-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-108-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3688-106-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

    Download